Technology briefs

Related Links

The Adobe PDF could be used to compromise a system running on Microsoft Windows XP, Adobe confirmed last week week.

Remote code embedded in a PDF could be executed in Versions 8.1 and earlier of Adobe Reader, Adobe Acrobat or Acrobat Elements. Adobe Acrobat 3D is also vulnerable. All those programs must be used in conjunction with Internet Explorer 7 to trigger the exploitation.

According to the SANS Institute, which announced news of the vulnerability last month, the vulnerability stems from the failure of the software to properly handle Web addresses embedded in the document. A malicious hacker could embed a PDF with a URL that could start other programs on the machine or execute other operations.

Adobe has not yet issued a patch correcting the problem, but it has offered instructions on how to modify the Windows XP registry settings to correct the vulnerability.

Metal shavings could be the cause of failures

Experiencing a mysterious surge in equipment failure in your data center? The culprit may be microscopic metallic shavings, NASA Goddard Space Flight Center researchers warned. For data centers, it is a serious problem, said NASA chief parts engineer Henning Leidecker, who is part of a research team tracking the problem. More serious than many know about.

The researchers are looking at how aging or inexpensively produced hardware can shed tiny conductive filaments of zinc typically less than a few millimeters long, known as zinc whiskers. Because they are conductive, such whiskers can short-circuit electronic equipment if they gather in sensitive regions of the equipment.

Usually it can take decades for a data center to collect a dangerous number of whiskers, and as many data centers age, the risk willincrease.

Zinc whiskers may come from a variety of sources. They mostly come from raised-floor tiles. Screws, nuts, washers and bus rails can be sources, too. The whiskers may be created through the movement of equipment or floor tiles, nicks and scrapes to the material, unequal thermal expansion, bending of the material or defects in the manufacturing process.

Despite their diminutive stature, the filings can cause big problems. Colorado reported that in 2005, a data center had been off-line for 30 days because zinc whiskers from floor tiles were blown by the air conditioning system into computers, shorting many of them.

GAO calls for additional testing of voting machines

The Government Accountability Office called for additional testing of voting machines used during the 2006 Florida general election to provide further assurance that the technology used did not contribute to the undervote in the states 13th District. The agency issued its statement to a special congressional task force now studying why that election produced an unusually large number of ballots that were cast but did not show a valid candidate choice.

GAO issued the information in an Oct. 2 statement to the House Administration Committees Task Force on Floridas District 13 Election.

Nabajyoti Barkakati, GAOs senior-level technologist for applied research and methods, conducted the election system analysis. He found that prior tests and reviews of Sarasota Countys voting systems didnt completely rule out the possibility that the voting systems contributed to the undervote.

Sarasota County, part of Floridas 13th District, used iVotronic direct-recording electronic voting systems (DREs) and the Unity election management system, manufactured by Election Systems and Software. The GAO statement added that additional tests might not completely eliminate the possibility that the machines helped cause the undervote.

Although the proposed tests could help provide increased assurance, they would not provide absolute assurance that the iVontronic DREs did not cause the large undervote in Sarasota County, GAO said. Absolute assurance is impossible, Barkakati said, because tests cannot recreate the election conditions.

Read more technology news on Government Computer News Web site at www.gcn.com.

A two-year campaign that prompted the Department of Homeland Security to issue its first-ever emergency directive to agencies to shore up cyber defenses appears in part to have been an attempt to spy on U.S. government internet traffic.